783 matches found
CVE-2019-7263
Linear eMerge E3-Series devices have a Version Control Failure...
CVE-2025-68398 Weblate has git config file overwrite vulnerability that leads to remote code execution
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...
ALSA-2025:23667 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...
CVE-2025-68165
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup...
CVE-2025-68165
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup...
CVE-2025-68165
CVE-2025-68165 is reported for JetBrains TeamCity: reflected XSS on the VCS Root setup in versions prior to 2025.11.0. The connected Nessus entry confirms the vulnerability exists in TeamCity
CVE-2025-68165
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup...
PYSEC-2025-231
Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...
JetBrains TeamCity 跨站脚本漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A cross-site scripting vulnerability exists in JetBrai...
EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-2521)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...
CVE-2025-67640
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...
EUVD-2025-199412
Malicious code in @voiceflow/git-branch-check npm...
Command Injection
check-branches is vulnerable to command injection.The vulnerability is due to the tool trusting branch names as plain text and concatenating them into git commands, which allows an attacker to craft malicious branch names to execute arbitrary system commands...
CVE-2025-64688
In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget...
EUVD-2025-44049
In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget...
CVE-2025-64688
CVE-2025-64688 is rejected/not used per the initial description.
CVE-2025-64688
...
编号撤回
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in versions prior to JetBrains YouTrack 2025.3.104432, which...
PT-2025-46157
Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2025.3.104432 Description A missing VCS URL validation in JetBrains YouTrack allows delegation to unauthorized repositories through the Junie widget. This issue affects versions prior to 2025.3.104432...
CVE-2025-64112
Statmatic is a Laravel and Git powered content management system CMS. Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...